Hi,
I'm trying to configure a site-to-site VPN with full mesh. My side is an SRX240 cluster; the remote location uses a Cisco ASA (not sure about the exact model, I don't have management access).
We need to connect multiple networks on both sides and the examples [0] are unfortunately not working in our environment because they are based on FBF rules - the st0 interface doesn't support firewall filters.
Network schema:
10.0.0.0/24   10.1.0.0/24
    ||            ||
    LAN           LAN
    ||            ||
      -------------
      | Cisco ASA |
      -------------
           ||
           VPN
           ||
      -------------
      |  SRX 240  |
      -------------
   reth0          st0
    ||            ||
    LAN           VPN
    ||            ||
10.2.0.0/24   10.3.0.0/24
Any ideas how to roll out such a VPN structure? I'm quite sure it should be possible (routing instance voodoo?) but I'm not able to think anymore outside the box - any input is appreciated!
Thanks, Renke
[0] http://kb.juniper.net/InfoCenter/index?page=content&id=KB28861